
Have a look at the history here: http://www.remote-exploit.org/codes_hotspotter.html
As it seems, Microsoft has patched XP since SP1 to not bring the client from a secure EAP/TLS network to an insecure one without any warnings from the operating system.
So probably even the official 1.0 release of airbase will not do that!!!!

Can you explain the editing more exactly? ... You extracted the exe with UniExtract and then did some hex editing? ... I read about hex editing but it was in meterpreter.exe... Can you post what you edited (line, text)?

Nice job, working very well. Let's walk one step forward!

Hi everyone:

I've been testing Wireless Key Harvester for some time and it's a nice proof of concept and the functionality is wonderful. But let's walk one step further. Could we think about a mass attack with this honeypot?

Imagine that after working, the clients come in, get the site, have to download the meterpreter, and after getting the reverse connection, they get released from the catch and get a transparent gateway to the internet. So they could resolve DNS and are gatewayed to the internet. We could also begin to sniff... And we begin again with a new victim. I am maybe thinking of nocat auth, or nocat splash. Could we get pointed in this new direction?

Automated gateway

Maybe the answer is the payload. Maybe executing some code in the payload rb to change the DNS resolver IP in the victim's side and maybe some routing rules could help.

Again the other possibility is to study the work of nocat auth (called by the developers: catch and release). I have read that it does iptables change automatically. I have worked with automatic hotspot software and it simply catches the client, waits for authentication (in this case for payload execution) and releases the client from the captive portal so he can begin to surf free. I'll try to read more about it.

On another point: Has anybody had luck with airbase -P -C probe response? I have tried with atheros and the latest svn and I had to return to rc2 without -P.

And as last point: Maybe use priv dump hashes in harvester.rb to get double functionality?

Hex keys .... WKG

ok .... first of all I am a newbie but I liked your post...
I was searching for something else and I crawled up in here ...
btw I was searching for dhcp!!! Lol...
1. I run Wireless key grabber on win vista x64 and it is a different version.... you should try uploading a different version of wkp.exe for wink64 system
2. Ok to the point, hex numbers .... the 64 bit version of windows works like a charm and shows the numbers in hex .... so it is very simple math....
how to convert them to a passphrase is very easy if there are only numbers and letters .... anyway the concept is .....
subtract by groups of couples
------example 1 only numbers 64bit hexkey----
passphrase: 12345
Wireless Key Manager output: 3132333435
subtract 30 -3030303030
ans =12345
------example 2 letters and numbers 64bit hex key ---------
passphrase: A1B2C
Wireless Key Manager output: 4131423252
subtract 30 for numbers
...and 40 for cap. letters where 1 is A ....
..or look up
character map...... 41-40 31-30 42-40 32-30 43-40
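
The subtraction described in the post above is ASCII decoding of each pair of hex digits: the hex output is only an encoding of the key bytes, not a protection of them. The following is an added example, not part of the original post or of any tool mentioned in the thread; the function name `decode_hex_key` and all sample keys except `3132333435` are constructed for illustration, and it goes beyond the post by also handling 26-digit keys and keys that are not text.

```python
import string

# WEP key length in bytes -> common name (the marketed size includes a 24-bit IV).
WEP_SIZES = {5: "64-bit WEP (40-bit key)", 13: "128-bit WEP (104-bit key)"}

# Characters accepted as part of a typed passphrase.
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def decode_hex_key(hex_key):
    """Return (key_type, passphrase) for a hex key string.

    passphrase is None when the key bytes are not printable ASCII,
    i.e. the key was entered as raw hex rather than as text.
    """
    # Tolerate the separators some tools print between byte pairs.
    cleaned = hex_key.replace(":", "").replace("-", "").replace(" ", "")
    try:
        raw = bytes.fromhex(cleaned)  # one byte per pair of hex digits
    except ValueError:
        raise ValueError("not a valid hex key: %r" % hex_key)

    key_type = WEP_SIZES.get(len(raw), "unknown (%d bytes)" % len(raw))

    # Each byte is the ASCII code of one character: 0x31 -> '1', 0x41 -> 'A'.
    if raw and all(chr(b) in PRINTABLE for b in raw):
        return key_type, raw.decode("ascii")
    return key_type, None


if __name__ == "__main__":
    samples = [
        "3132333435",                              # example 1 from the post
        "4131423243",                              # constructed: ASCII for A1B2C
        "57:45:50:2d:64:65:6d:6f:2d:6b:65:79:31",  # constructed 13-byte key
        "0a1b2c3d4e",                              # constructed: raw hex, not text
    ]
    for s in samples:
        print(s, "->", decode_hex_key(s))
```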

another mistake !!!

in your index.html you write in code ..." onClick="window.open('/windowsupdate.exe', 'download" wrong! erno //c/windowsupdate ..... could not be found ...

should use onClick="window.open('windowsupdate.exe' no ---->/
hmmmm ok ?
ok?
LoL nice one dude though .... if your exploit works in x64 versions you can go deeper ....
I have tried it and it works but I told you the errors ...